add headers

packages/docusaurus/docs/03-Pangolin/02-Configuration/02-config.md

@@ -38,7 +38,15 @@ Pangolin is configured using a `config.yml` file. The file is expected to be mou
     - The name of the session cookie. This is used to store the session token for the main application.
 - `resource_access_token_param`: string
     - Example: `p_token`
-    - The query parameter used to pass the access token to the resource. Badger extracts this token and sends it to Pangolin to authenticate. This is used in direct share links that do not require a browser redirect.
+    - Pass access token in this query parameter in each request for authentication.
+- `resource_access_token_headers`: object
+    - Pass access token in these headers in each request for authentication.
+    - `id`: string
+        - Example: `P-Access-Token-Id`
+        - The name of the header used to pass the access token ID.
+    - `token`: string
+        - Example: `P-Access-Token`
+        - The name of the header used to pass the access token.
 - `resource_session_request_param`: string
     - Example: `p_session_request`
     - The query parameter used to pass the session request token to be exchanged for a real session token in Badger.
@@ -198,6 +206,9 @@ server:
     internal_hostname: "pangolin"
     session_cookie_name: "p_session_token"
     resource_access_token_param: "p_token"
+    resource_access_token_headers:
+        id: "P-Access-Token-Id"
+        token: "P-Access-Token"
     resource_session_request_param: "p_session_request"
 
 traefik: